package com.swordliu.facebook.config.shiro;

import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * 官方文档参考地址：http://shiro.apache.org/spring.html
 * Created by SwordLiu on 2017-07-05.
 */
@Configuration
public class shiroConfig {

    /**
     * shiro 过滤器链配置
     * @return
     */
    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean() {
        ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
        filter.setSecurityManager(getDefaultWebSecurityManager());

        filter.setLoginUrl("/login.html");
//        filter.setSuccessUrl("/goIndex");
        filter.setUnauthorizedUrl("redirect:/login.html");

        //使用 LinkedHashMap ，保证过滤器按照定义的顺序执行
        Map<String, String> map = new LinkedHashMap<>();
//        map.put("/loginPage", "anon");
        map.put("/login.do", "anon");
        map.put("/regist.do", "anon");
        map.put("/media/**", "anon");
        map.put("/error/**", "anon");
        map.put("/**", "authc");

        filter.setFilterChainDefinitionMap(map);
        return filter;
    }

    /**
     * 配置shiro安全管理器
     * @return
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //设置验证域
        securityManager.setRealm(getShiroRealm());
        //设置安全管理器缓存
        securityManager.setCacheManager(getEhCacheManager());
        return securityManager;
    }

    /**
     * shiro 生命周期:保证实现了Shiro内部lifecycle函数的bean执行
     * @return
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * 验证域
     * @return
     */
    @Bean(name = "shiroRealm")
    public Realm getShiroRealm() {
        return new ShiroRealm();
    }

    /**
     * 配置shiro缓存
     * @return
     */
    @Bean(name = "ehCacheManager")
    public EhCacheManager getEhCacheManager() {
        EhCacheManager ehCacheManager = new EhCacheManager();
        ehCacheManager.setCacheManagerConfigFile("classpath:config/shiro/ehcache-shiro.xml");
        return ehCacheManager;
    }

    /**
     * shiro 配置注解支持:AOP式方法级权限检查
     * @return
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * shiro 配置注解支持
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(getDefaultWebSecurityManager());
        return advisor;
    }

}
